#!/bin/sh

ffcron()
{
	echo 'root' > /var/cron/allow
}

ffssh()
{
	ffbak /etc/ssh/sshd_config
	echo 'Port 11011' >> /etc/ssh/sshd_config
	service sshd restart
}

fflastcomm()
{
	ffrc 'accounting_enable="YES"'
}

ffflag()
{
	chflags schg /bin/*
	chflags schg /sbin/*
	ffrc 'kern_securelevel_enable="YES"'
	ffrc 'kern_securelevel="2"'
}

ffemail()
{
	sed -i '' "3s/#/root: $fcemail/1" /etc/mail/aliases
	newaliases
}

ffsendmail()
{
	ffrc 'sendmail_enable="NO"'
}

ffloginlog()
{
	echo 'net.inet.tcp.log_in_vain=1' >> /etc/sysctl.conf
	echo 'net.inet.udp.log_in_vain=1' >> /etc/sysctl.conf
}

ffinetd()
{
	ffrc 'inetd_enable="NO"'
}

ffddos()
{
	echo 'net.inet.icmp.drop_redirect=1' >> /etc/sysctl.conf
	echo 'net.inet.icmp.log_redirect=1' >> /etc/sysctl.conf
	echo 'net.inet.tcp.blackhole=2' >> /etc/sysctl.conf
	echo 'net.inet.udp.blackhole=1' >> /etc/sysctl.conf
}

ffupdate()
{
	clear
	echo -e "\e[1;42m We will update system!! \e[0m"
	/usr/sbin/freebsd-update fetch > /dev/null || /usr/sbin/freebsd-update fetch > /dev/null
	/usr/sbin/freebsd-update install 
}

ffsecu()
{
	ffcron && ffssh && fflastcomm && ffflag && ffsendmail && ffloginlog && ffinetd && ffddos  && ffupdate
}
